Diffstat (limited to 'includes/WebResponse.php')
-rw-r--r--includes/WebResponse.php56
1 files changed, 36 insertions, 20 deletions
diff --git a/includes/WebResponse.php b/includes/WebResponse.php
index 193101b1..8e15d712 100644
--- a/includes/WebResponse.php
+++ b/includes/WebResponse.php
@@ -30,8 +30,8 @@ class WebResponse {
/**
* Output a HTTP header, wrapper for PHP's
* header()
- * @param $string String: header to output
- * @param $replace Bool: replace current similar header
+ * @param string $string header to output
+ * @param bool $replace replace current similar header
* @param $http_response_code null|int Forces the HTTP response code to the specified value.
*/
public function header( $string, $replace = true, $http_response_code = null ) {
@@ -40,15 +40,20 @@ class WebResponse {
/**
* Set the browser cookie
- * @param $name String: name of cookie
- * @param $value String: value to give cookie
- * @param $expire Int: number of seconds til cookie expires
- * @param $prefix String: Prefix to use, if not $wgCookiePrefix (use '' for no prefix)
- * @param @domain String: Cookie domain to use, if not $wgCookieDomain
+ * @param string $name name of cookie
+ * @param string $value value to give cookie
+ * @param int $expire Unix timestamp (in seconds) when the cookie should expire.
+ * 0 (the default) causes it to expire $wgCookieExpiration seconds from now.
+ * @param string $prefix Prefix to use, if not $wgCookiePrefix (use '' for no prefix)
+ * @param string $domain Cookie domain to use, if not $wgCookieDomain
+ * @param $forceSecure Bool:
+ * true: force the cookie to be set with the secure attribute
+ * false: force the cookie to be set without the secure attribute
+ * null: use the value from $wgCookieSecure
*/
- public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null ) {
+ public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null, $forceSecure = null ) {
global $wgCookiePath, $wgCookiePrefix, $wgCookieDomain;
- global $wgCookieSecure,$wgCookieExpiration, $wgCookieHttpOnly;
+ global $wgCookieSecure, $wgCookieExpiration, $wgCookieHttpOnly;
if ( $expire == 0 ) {
$expire = time() + $wgCookieExpiration;
}
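Review bot: The docblock for the new `$forceSecure` parameter does not say that `false` overrides a site-wide `$wgCookieSecure = true`, which is the one case where this argument weakens the cookie's transport protection. I would write the tag as `@param bool|null $forceSecure`, matching the type-first order this commit adopts for the other tags, and extend the `false:` line to something like `false: omit the secure attribute even if $wgCookieSecure is true; not for session or token cookies`. The body of setcookie() continues outside this hunk.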
@@ -58,7 +63,18 @@ class WebResponse {
if( $domain === null ) {
$domain = $wgCookieDomain;
}
- $httpOnlySafe = wfHttpOnlySafe() && $wgCookieHttpOnly;
+
+ if ( is_null( $forceSecure ) ) {
+ $secureCookie = $wgCookieSecure;
+ } else {
+ $secureCookie = $forceSecure;
+ }
+
+ // Mark the cookie as httpOnly if $wgCookieHttpOnly is true,
+ // unless the requesting user-agent is known to have trouble with
+ // httpOnly cookies.
+ $httpOnlySafe = $wgCookieHttpOnly && wfHttpOnlySafe();
+
wfDebugLog( 'cookie',
'setcookie: "' . implode( '", "',
array(
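Review bot: The else branch, `$secureCookie = $forceSecure;`, forwards any non-null value unchanged, so whether the Secure attribute is set depends on PHP's loose conversion of whatever the caller passed (`0` and `''` turn it off, the string `'false'` turns it on). Normalising once keeps both the logged value and the value given to setcookie() a real bool: `$secureCookie = $forceSecure === null ? $wgCookieSecure : (bool)$forceSecure;`. The wfDebugLog() call that starts in this hunk ends outside it.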
@@ -67,14 +83,14 @@ class WebResponse {
$expire,
$wgCookiePath,
$domain,
- $wgCookieSecure,
+ $secureCookie,
$httpOnlySafe ) ) . '"' );
setcookie( $prefix . $name,
$value,
$expire,
$wgCookiePath,
$domain,
- $wgCookieSecure,
+ $secureCookie,
$httpOnlySafe );
}
}
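Review bot: The first entries of the wfDebugLog() array fall between this hunk and the previous one, so they are not visible here. If they mirror the setcookie() arguments below (`$prefix . $name`, `$value`), every cookie value, session tokens included, is written to the 'cookie' debug log. That is worth confirming while this call is being edited; if it holds, log only the cookie name and its attributes.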
@@ -89,8 +105,8 @@ class FauxResponse extends WebResponse {
/**
* Stores a HTTP header
- * @param $string String: header to output
- * @param $replace Bool: replace current similar header
+ * @param string $string header to output
+ * @param bool $replace replace current similar header
* @param $http_response_code null|int Forces the HTTP response code to the specified value.
*/
public function header( $string, $replace = true, $http_response_code = null ) {
@@ -133,14 +149,14 @@ class FauxResponse extends WebResponse {
/**
* @todo document. It just ignore optional parameters.
*
- * @param $name String: name of cookie
- * @param $value String: value to give cookie
- * @param $expire Int: number of seconds til cookie expires (Default: 0)
+ * @param string $name name of cookie
+ * @param string $value value to give cookie
+ * @param int $expire number of seconds til cookie expires (Default: 0)
* @param $prefix TODO DOCUMENT (Default: null)
* @param $domain TODO DOCUMENT (Default: null)
- *
+ * @param $forceSecure TODO DOCUMENT (Default: null)
*/
- public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null ) {
+ public function setcookie( $name, $value, $expire = 0, $prefix = null, $domain = null, $forceSecure = null ) {
$this->cookies[$name] = $value;
}
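Review bot: FauxResponse::setcookie() accepts `$forceSecure` but still stores only `$this->cookies[$name] = $value;`, so a test built on FauxResponse cannot check which secure setting a caller requested. At minimum the docblock should say so in place of `TODO DOCUMENT`, for example `@param bool|null $forceSecure accepted for signature compatibility with WebResponse::setcookie(); ignored`. The `$expire` line here also still reads "number of seconds til cookie expires", while the parent's docblock was corrected to a Unix timestamp in this same commit.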
@@ -148,7 +164,7 @@ class FauxResponse extends WebResponse {
* @param $name string
* @return string
*/
- public function getcookie( $name ) {
+ public function getcookie( $name ) {
if ( isset( $this->cookies[$name] ) ) {
return $this->cookies[$name];
}